IBM® Lotus® Sametime® System Console

- The New Browser-based Dashboard for Managing your

Sametime® Infrastructure

Michael Herring, Development Lead, Sametime System Console

Bhavuk Srivastava, Senior Software Engineer
Agenda
● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

2
IBM® Lotus® Sametime® 8.5: Introduction
 A key goal of the 8.5 release is to improve the deployment and administration
experience for Sametime products
– Sametime System Console (SSC): Centralized deployment coordination and
administration for Sametime product line.

IP Sametime

Domino®
Presence/
Network IM
VP Sametime
Presence, Chat Legacy
Sametime Connect Alerts, Invites, Legacy Meeting Meetings
Client Content
Sametime
HTTP New Meetings

WebSphere®
Presence, Chat, Alerts, Invites, LDAP
New Meetings content/media Sametime
Browser Client
Media
Server
SIP DB2®
Federated Presence/Chat, Sametime
A/V Control signalling Proxy
Mobile Client RTP
Sametime
A/V Media
Gateway

Sametime
Custom App Client System Console

3
Lotus® Sametime® 8.5 System Console
Centralized configuration and policy management

Sametime
Gateway

Sametime
Proxy
Server

Sametime
Media
Sametime Sametime
Presence/IM Meetings

4
Core Capabilities
• Manage Prerequisites.
– System console manages all needed info for prerequisite components.
– No more install/reinstall of DB2 (for example) for each separate offering.

• Centralize Configuration.
– Setup & testing of things like LDAP centralized in a single location, instead of
various wizards in different installers.

• Facilitate Deployment Planning.

– Mechanism to plan the Sametime server deployment
– Installation of server nodes is simpler, as the shared configuration already
exists. Server installers are “headless”, and need no input from user.

• Single Point of Action for Administration Tasks

– Example: Policy is managed from a single place; is easily made inclusive of all
product line components policy needs.

5
Agenda
● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

6
WebSphere® Application Server
● Application Server - Supports and hosts user applications. Runs on only
one node, can support many application servers.

● Node - Logical group of server-managed processes that share a common

configuration repository.

● Cell - Grouping of nodes into a single administrative domain, all nodes are
administered from a deployment manager server.

● Deployment Manager – Allows the administration of multiple nodes from

one centralized location.

● Node Agent - W orks with the deployment manager to perform

administrative activities on the node.

7
WebSphere® Application Server
● Cluster -A group of servers that are used for the same purpose and are
identified by a single host name.
▬ Horizontal Cluster - Cluster members are on multiple nodes in a cell.
▬ Vertical Cluster - Cluster members are on the same node in a cell.

● Federation – Process by which a node becomes part of a cell

▬ A node agent server is created on the node to manage the WebSphere
Application Server environment on that node.
● Integrated Solutions Console
▬ Provides a single, common interface for system administration.
▬ Provides the main platform on which IBM and non-IBM products can build
administrative user interfaces as individual plug-ins to a common console
framework.

8
WebSphere® Application Server Deployment

Cell
Node
Node Agent
Node
Deployment
Application Servers
Manager

Node Node Agent

Application Servers

9
Cell Profile

● Creates a Deployment Manager Profile and a federated Application

Server Profile

● Internally, 2 profiles are created

Deployment Manager profile
Application Server profile

● The Application Server is federated to the cell of the Deployment

Manager.

● Deployment Manager and Application Server reside on the same

system.

10
IBM® Rational® Installation Manager - IM
● Eclipse run-time based program to manage entire life-cycle of
product packages

▬ Installation
▬ Updates
▬ Roll Back
▬ Modification
▬ Uninstall

11
Agenda
● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

12
System Console Server
● Built on J2EE technology

● Extension to IBM® Integrated Solutions Console

● Built purely on open standards

▬ XML
▬ HTTP/HTTPs – For some administrative communication
▬ SOAP for all admin related functions
▬ JDBC for all database operations
▬ JNDI for all LDAP requests

13
Architecture Illustrated
MEETINGS

PROXY

COMMUNITY

LDAP Community
SSC
MEDIA Registration
Utility

System Console Server

SSC Admin
Deployment Manager
REST/JMX
SSC Portlets
JMX(MBean)

SSC Application Server

REST API (HTTP)

JDBC

DB2

14
General Concepts - LDAP
Sametime Community is defined by its directory
● Directory choice - LDAP (Domino®, IDS, SunOne, ActiveDirectory, Novell, ADAM)
➢ Same directory configuration

● Synchronized LDAP configuration between System Console and Sametime server

● Supports multiple federated repositories

● All servers work from common view of directory and share information in that context
➢ Same search filters, login attributes

15
LDAP – Simplified User Experience

16
General Concepts - Database
● Aims to provide a single view of
database planning and management.

● Sametime deployment information

storage

● Provides validation of the datasource

being used for products.

● Auto registration of System Console

database.

17
General Concepts - Deployment
● Deployment framework is the heart of the System Console application server

● Provides the capabilities of planning and building the Sametime deployment

● Built on schema based deployment description templates and extensible design model.
● Makes the installation of server nodes simpler, as the shared configuration already exists.
● Supports both Domino® and WebSphere® based product
● for e.g. Sametime server, New Meetings server

● Performs validation on deployment object (product servers, LDAP, etc)

● Handles the product server's and pre-requisites relationship and inter-dependencies.

18
Deployment Framework

Service Layer APIs

Deployment Product Deployment Product Deployment Product

(Meetings) (Media) (Community)

System Console Server Run Time

Engine

XML
Documents

19
General Concepts - Clustering
● Sametime System Console provides a user friendly Clustering tool

● Step by step Guided Activity to cluster WebSphere® Application Servers

● Performs validation prior to creating the cluster

● Domino clusters are registered manually using Post Install Registration utilities.

● SSC Deployment Manager can be used as the DM for any Sametime product
● Can be shared between multiple products. (One DM for all Sametime servers)

● Product dedicated Deployment Managers can also be used

● All tasks including federation are driven from the System Console browser
● No switching back and forth between servers to build the Cell

20
Plan and Build- Guided Activities

 Guided Activities- The Basics

 Guided Activities (GA's) are used to collect information about customer's

environment that is used to install and configure products
• Provides cross product validation to reduce occurrences of post-install
configuration issues

• Guided activities validate most required input before install time

− Disk space, paths etc are validated by installer

• Allows for less user input, since information already known by SSC is not asked
for in detail (LDAP settings, etc), reducing human error

21
Plan and Build
 Planning starts from the System Console using the Guided Activities
 Set up Pre-requisites (LDAP, DB2®)
 Plan Sametime Installations
 Run Installation Manager to install the product
• Connect to System Console to retrieve Deployment Plan
 Once a product is installed, the System Console can administer the product
remotely

 Some products require other products to be installed prior to planning the

installation
 Example: Sametime Proxy requires Sametime Community to be installed

22
Plan and Build
 Pilot Deployment
 Small deployments used to test features
• Use 'Cell Profile' selection in Guided Activity to install
− This was what most beta customers did
− Cell Profile may be used to expand to a cluster later

 Clustered Deployment
 Multi-System deployments used for failover and load balancing
• Vertical clusters contain many servers on a single node (the 'Primary Node')

• Horizontal clusters contain one server on each node in the cluster

− Most common cluster topology

23
Plan and Build
 Building a Cluster
 Plan and Install the Product Nodes

 Use the System Console Clustering Guided Activity to federate nodes, create the
Cluster, and add additional Cluster Members

 System Console will provide step by step guide to create a complete cluster
Deployment which will be administered using SSC.

24
Retrieving Plans from System Console

25
General Concepts – Product Registration
● Set of command line tools/utilities for registering products into SSC

● Powerful and useful stuff for administrators.

➢ Product can be registered after an upgrade to 8.5

➢ Product can be registered if it was installed without using a Guided Activity.

● A product server must be registered with the SSC in order for it to be administered.

● All 8.5 product installers lay down these utilities

● Can be found in <product install root>/console directory

● Only 8.5 products can be administered from SSC

26
 Stand-alone Server Registration and Unregistration

WebSphere® Based products

● registerProduct.bat/sh
To register stand-alone product servers (Meetings, Proxy, Gateway, Media) with SSC.

● unregisterWASProduct.bat/sh
To unregister product server from SSC

Domino® Based products

● registerSTServerNode.bat/sh
To register Community server with SSC.

● unregisterProductNode.bat/sh
To unregister Community server from SSC.

27
 Cluster Registration and Unregistration

WebSphere® Based products

● registerProduct.bat/sh
To register a product cluster with SSC

● removeWASClusterRegistration.bat/sh
To remove registration of product cluster from SSC

Domino® Based Product

● registerSTCluster.bat/sh
To register Community/Domino server cluster with SSC.

● removeClusterRegistration.bat/sh
To remove Community/Domino cluster from SSC

28
General Concepts - Policy
● 8.5 has introduced an enhanced user policy model for all products

● Any product that is administered by the SSC has the same user policy in effect

● Model is based on weights- the document with the highest number that is applied to the
user or his/her groups is the policy that is applied to that user (no inheritance model)

● Tools available to look up a user's policy by product

● Policy information is stored in the SSC database

➢ Meetings accesses this information directly from the database
➢ Community server keeps a cache and updates periodically from SSC
➢ Proxy and Media Manager use Community for Policy info

29
General Concepts - Administration
 Provides a consolidated administration interface for all Sametime products

 Provides secure communication between products and System Console using a common
framework model

 One interface to administer Policies for all Sametime products

 New weights-based model allows administrators to easily set Policy ordering

 Easy view of all policies that apply to users and groups

 Policy interface is dynamically generated based on policy templates

30
Administration Using the System Console

31
Sametime Infrastructure

32
Agenda
● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

33
Agenda
● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

34
Tips and Tricks
● While creating plan for a product or installing the product, make sure all the
servers should be reachable from each other.
▬ Add hosts entries in all servers if not present in DNS.

● While creating databases, make sure same database is not shared between two
products.

● While getting plan from SSC from installer, if the connection is too slow, you
may have to increase the time-out period.
▬ Create an environment variable ST_SSC_CONNECT_TIMEOUT=60/120
(Time in secs)

● Do not include "=" signs in Deployment name in productConfig.properties

required for registration.

● LDAP details need to be entered it productConfig.properties file while

registering Gateway server

35
Tips and Tricks - contd.
● To change an existing LDAP for a product Server(e.g. Sametime Meetings)
▬ Add a new LDAP with SSC, and manually configure with meeting server

● To register Secondary Node using registration utilities, DB and LDAP host

entries should be entered manually before registrations

● How to install IBM Lotus Sametime Community Server on pure IPv6 machine.
▬ For pure IPV6 environment
▬ Through installer install Community Sever without SSC.

▬ Later register this server with SSC using utility.

▬ For mixed environment (IPv4 and IPv6) look at the document here:
▬ https://idoc2.swg.usma.ibm.com/sametime/index.jsp?topic=/

com.ibm.help.sametime.v85.doc/install/
inst_config_chat_ipv6_deployplan.html

36
Troubleshooting
● All error messages get logged to the SystemOut.log on the SSC dmgr and
STConsoleServer, occasionally the nodeAgent.

● Location for SSC server logs

▬ ISC Portlets - Client side logs
▬ <WAS_INSTALL_ROOT>\profiles\STSCDMgrProfile\logs\dmgr
▬ SSC Server – Server side logs
▬ <WAS_INSTALL_ROOT>\profiles\STSCAppProfile\logs\STConsoleServer

● Location for SSC client registration utility

▬ <Product_Install_Location>\console\logs
▬ e.g. C:\WebSphere\STServerCell\console\logs

● For any issues related to authenticaiton/security,

▬ check deployment manager logs

37
Troubleshooting - contd.
● The most common problem is that the servers are not started properly.
SSC is a cell profile- this means it has a dmgr, a node agent, and an
application server, all 3 need to be running for proper functionality.
▬ startManager.bat(sh)
▬ startNode.bat(sh)
▬ startServer.bat(sh) STConsoleServer

● Make sure there is no clock skew between servers.

▬ Possible error security tokens no longer valid.

● Creating more than one plan for community server on single machine
is invalid.
▬ SSC will not validate Domino credentials in this scenario

38
Troubleshooting - contd.

● All SSC errors start with 'AIDSC' followed by a 4 digit number

▬ e.g. 'AIDSC1234E'. Look for these errors first when debugging SSC errors

● LDAP known issues

▬ saMAccountName attribute for Active Directory should not be used - enter
uid instead, it will map accordingly to this attribute.

▬ Admin name used for WebSphere should not match a username in the
LDAP

39
Troubleshooting - contd.

● Troubleshooting Federation
▬ Federation adds the nodes into the dmgr's cell. Most issues with clustering
in 8.5 are around federation.

▬ Before federation there is some validation in the Guided Activity to prevent

users from running into problems (clock sync issues, etc.)

▬ Debug as a normal WAS addNode command

▬ check addNode.log, on the nodes in logs directory

▬ Check for product technotes for all known issues that we may have skipped
here...

40
Troubleshooting - contd.

● Troubleshooting other Clustering issues

▬ Ensure that all nodes have been synchronized before restarting the node
agents.

▬ Occasionally the deployment manager will have to be restarted in the

middle of the clustering guided activity,
▬ Guided Activity will tell you when it is appropriate to do so.

▬ You can pick up where you left off by using the 'Modify Existing

Cluster' option.

▬ All Clustering Guided Activity actions will log to the deployment manager's
SystemOut.log.

▬ The Clustering GA will print error messages to the browser for the most
common user errors
▬ (clock sync issues, node not started, etc)

41
Troubleshooting - contd.

● Policy Issues
▬ Use the tool in SSC to check which policy is applied to a user

▬ If policies are not in effect for Community users, check that it is configured
to use SSC in the sametime.ini

▬ POLICY_DB_BB_IMPL=com.ibm.sametime.policy.databasebb.xml.DbXmlBl
ackBox
▬ (all one line)

▬ If settings change was recent, community server will refresh after 1 hour, or
you can restart the community server and it will refresh its cache upon
startup

42
Troubleshooting - contd.
● Installation issues
▬ It is always good to use shorter install path names as WAS allows only 80
characters for the profile path name

▬ Make sure that the LDAP/DB2® hostnames are reachable from the product
machines during installation

▬ Sometimes it is required to use authenticated access for LDAP. Even

though validation passes, when installing WAS is not able to retrieve all
attribute values.

▬ Make sure that the DB2® user id which is being used during install has
admin rights

▬ Before starting uninstall , stop all the servers.

43
Troubleshooting - contd.
● Installation issues
▬ When installing multiple products on same machine ,only Cell profile types
can co-exist.

▬ System Console & Meetings databases are mutually exclusive.

▬ Do not use System Console database for attaching into the meetings

Server deployment plan.

▬ For AD LDAP, way to consume the "samAccountName" attribute within

WAS is by specifying "uid" (a VMM property) during LDAP plan creation/IM
installation as WAS already has a internal map of the uid property to
samAccountName

▬ Short host names should be 11 characters or less when planning

installations from the Guided Activities in the 8.5 release (bug will be fixed
in the next release)

44
Firewalls and Ports
● The System Console Server needs access through the following ports for the
following servers
▬ Meetings, Gateway, Media, Proxy
▬ SOAP port (default 8880)

● AboutThisProfile.txt SOAP connector port value

▬ Meetings needs access to SSC db (default port 50000 on windows)

▬ Community
▬ Community HTTP or HTTPs (default 80 and 443)

▬ Community needs access to SSC HTTP or HTTPS (default 9080 and

9443)

● Installation Utilities need access to SSC

▬ SSC HTTP or HTTPs (default 9080 or 9443)

● DB2® port (default 50000 on windows)

● LDAP (default 389 or 636)

45
THANK YOU!

46
Legal Disclaimer
© IBM Corporation 2009. All Rights Reserved.

The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of
the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on
IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of
the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of,
creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software.

References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product
release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other
factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor
shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International
Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other
countries, or both.

47